diff --git a/config.inc b/config.inc index ece0ba5f8ec..4ec1da33078 100644 --- a/config.inc +++ b/config.inc @@ -45,12 +45,8 @@ $notify_from = "droppies@zind.net"; # # Comment meta reasons: -# The comment meta reasons are the various meta reasons used to -# moderate comments. The array should always be 'balanced': that -# the number of good reasons should equal the number of bad reason -# and those should be ordered from bad to good. # -$comments_meta_reasons = array('Off topic', 'Redundant', 'Insightfull', 'As is', 'Interesting', 'Informative', 'Funny'); +$comments_votes = array("-1" => "-1", "0" => "0", "+1" => "+ 1", "+2" => "+ 2", "+3" => "+ 3", "+4" => "+ 4", "+5" => "+ 5"); # # Categories: @@ -60,7 +56,7 @@ $categories = array('Announcements', 'Arts & Humanities', 'Business & Economy', # # Allowed HTML tags: # -$allowableHTML = array('B','/B','I','/I','P .*','P','/P','A .*','/A','LI','OL','/OL','UL','/UL','EM','/EM','BR','STRONG','/STRONG','BLOCKQUOTE','/BLOCKQUOTE','HR','DIV .*','DIV','/DIV','TT','/TT'); +$allowed_html = "
      "; # # Name of the 'anonymous' user account: diff --git a/diary.php b/diary.php index a1735614355..6e0b0d33bbf 100644 --- a/diary.php +++ b/diary.php @@ -1,5 +1,6 @@ \n"; @@ -73,7 +74,7 @@ function diary_add_enter() { $output .= "

      \n"; $output .= " Enter new diary entry:
      \n"; $output .= "
      \n"; - $output .= " HTML is nice and dandy, but double check those URLs and HTML tags!\n"; + $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) ."\n"; $output .= "

      \n"; $output .= "

      \n"; @@ -88,19 +89,19 @@ function diary_add_enter() { } function diary_edit_enter($id) { - global $theme, $user; + global $theme, $user, $allowed_html; $result = db_query("SELECT * FROM diaries WHERE id = $id"); $diary = db_fetch_object($result); - $output .= diary_entry($diary->timestamp, $diary->text); + $output .= diary_entry($diary->timestamp, check($diary->text)); $output .= "

      \n"; $output .= "

      \n"; $output .= " Edit diary entry:
      \n"; $output .= "
      \n"; - $output .= " HTML is nice and dandy, but double check those URLs and HTML tags!\n"; + $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) ."\n"; $output .= "

      \n"; $output .= "

      \n"; @@ -117,16 +118,16 @@ function diary_edit_enter($id) { } function diary_preview($text, $timestamp, $id = 0) { - global $theme, $user; + global $theme, $user, $allowed_html; - $output .= diary_entry($timestamp, $text); + $output .= diary_entry($timestamp, check($text)); $output .= "\n"; $output .= "

      \n"; $output .= " Preview diary entry:
      \n"; $output .= "
      \n"; - $output .= " HTML is nice and dandy, but double check those URLs and HTML tags!\n"; + $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) ."\n"; $output .= "

      \n"; $output .= "

      \n"; @@ -145,11 +146,11 @@ function diary_submit($text, $id = 0) { global $user, $theme; if ($id) { - db_query("UPDATE diaries SET text = '".addslashes($text) ."' WHERE id = $id"); + db_query("UPDATE diaries SET text = '". check(addslashes($text)) ."' WHERE id = $id"); watchdog(1, "old diary entry updated"); } else { - db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". addslashes($text) ."', '". time() ."')"); + db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". check(addslashes($text)) ."', '". time() ."')"); watchdog(1, "new diary entry added"); } header("Location: diary.php?op=view&name=$user->userid"); diff --git a/function.inc b/function.inc index ff03936d5a9..0ff35e5a89e 100644 --- a/function.inc +++ b/function.inc @@ -29,14 +29,9 @@ function FixQuotes ($what = "") { return $what; } -function check_html($message) { - ## TODO - return $message; -} - -function filter_text($message, $strip="") { - ### TODO - return check_html($text, $strip); +function check($message) { + include "config.inc"; + return strip_tags(nl2br($message), $allowed_html); } function discussion_num_replies($id, $count = 0) { diff --git a/submit.php b/submit.php index 45b8c1e4176..fa28e2c69ba 100644 --- a/submit.php +++ b/submit.php @@ -120,7 +120,7 @@ function submit_preview($subject, $abstract, $article, $category) { $output .= "

      \n"; $theme->header(); - $theme->preview($user->userid, stripslashes($subject), stripslashes($abstract), "", stripslashes($article), date("l, F d, Y - H:i A", time()), stripslashes($category), "we-hate-typoes"); + $theme->preview($user->userid, check(stripslashes($subject)), check(stripslashes($abstract)), "", check(stripslashes($article)), date("l, F d, Y - H:i A", time()), check(stripslashes($category)), "we-hate-typoes"); $theme->box("Submit a story", $output); $theme->footer(); } @@ -129,7 +129,7 @@ function submit_submit($subject, $abstract, $article, $category) { global $user, $theme; ### Add submission to SQL table: - db_query("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". addslashes($subject) ."', '". addslashes($abstract) ."', '". addslashes($article) ."', '". addslashes($category) ."', '". time() ."')"); + db_query("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check(addslashes($subject)) ."', '". check(addslashes($abstract)) ."', '". check(addslashes($article)) ."', '". check(addslashes($category)) ."', '". time() ."')"); ### Display confirmation message: $theme->header(); diff --git a/template.inc b/template.inc index 75197fda952..4a2d808b0e3 100644 --- a/template.inc +++ b/template.inc @@ -58,6 +58,26 @@ function displayOldHeadlines($theme, $num = 10) { $theme->box("Older headlines", $content); } +function displayCommentModeration($id) { + global $user; + + print "VOTE: "; + if (($user) && !($vote = user_getHistory($user->history, "c$id"))) { + + $output .= " "; + } + else { + $output .= "voted"; + } + + print $output; +} + function displayNewDiaries($theme, $num = 20) { $result = db_query("SELECT u.userid, d.timestamp FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY timestamp DESC LIMIT $num");